Fix some sonarcloud warnings. (aws#2723)

Author: millems

release-scripts/src/main/java/software/amazon/awssdk/release/PomTransformer.java

@@ -16,6 +16,7 @@
 package software.amazon.awssdk.release;
 
 import java.nio.file.Path;
+import javax.xml.XMLConstants;
 import javax.xml.parsers.DocumentBuilder;
 import javax.xml.parsers.DocumentBuilderFactory;
 import javax.xml.transform.OutputKeys;
@@ -33,7 +34,7 @@
 
 public abstract class PomTransformer {
     public final void transform(Path file) throws Exception {
-        DocumentBuilderFactory docFactory = DocumentBuilderFactory.newInstance();
+        DocumentBuilderFactory docFactory = newSecureDocumentBuilderFactory();
         DocumentBuilder docBuilder = docFactory.newDocumentBuilder();
         Document doc = docBuilder.parse(file.toFile());
 
@@ -50,7 +51,7 @@ public final void transform(Path file) throws Exception {
 
         updateDocument(doc);
 
-        TransformerFactory transformerFactory = TransformerFactory.newInstance();
+        TransformerFactory transformerFactory = newSecureTransformerFactory();
         transformerFactory.setAttribute("indent-number", 4);
         Transformer transformer = transformerFactory.newTransformer();
         transformer.setOutputProperty(OutputKeys.INDENT, "yes");
@@ -102,4 +103,48 @@ protected final Element sdkDependencyElement(Document doc, String artifactId) {
 
         return newDependency;
     }
+
+    private DocumentBuilderFactory newSecureDocumentBuilderFactory() {
+        DocumentBuilderFactory docFactory = DocumentBuilderFactory.newInstance();
+        docFactory.setXIncludeAware(false);
+        docFactory.setExpandEntityReferences(false);
+        trySetFeature(docFactory, XMLConstants.FEATURE_SECURE_PROCESSING, true);
+        trySetFeature(docFactory, "http://apache.org/xml/features/disallow-doctype-decl", true);
+        trySetFeature(docFactory, "http://xml.org/sax/features/external-general-entities", false);
+        trySetFeature(docFactory, "http://xml.org/sax/features/external-parameter-entities", false);
+        trySetAttribute(docFactory, "http://javax.xml.XMLConstants/property/accessExternalDTD", "");
+        trySetAttribute(docFactory, "http://javax.xml.XMLConstants/property/accessExternalSchema", "");
+        return docFactory;
+    }
+
+    private TransformerFactory newSecureTransformerFactory() {
+        TransformerFactory transformerFactory = TransformerFactory.newInstance();
+        trySetAttribute(transformerFactory, XMLConstants.ACCESS_EXTERNAL_DTD, "");
+        trySetAttribute(transformerFactory, XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");
+        return transformerFactory;
+    }
+
+    private void trySetFeature(DocumentBuilderFactory factory, String feature, boolean value) {
+        try {
+            factory.setFeature(feature, value);
+        } catch (Exception e) {
+            throw new RuntimeException(e);
+        }
+    }
+
+    private void trySetAttribute(DocumentBuilderFactory factory, String feature, String value) {
+        try {
+            factory.setAttribute(feature, value);
+        } catch (Exception e) {
+            throw new RuntimeException(e);
+        }
+    }
+
+    private void trySetAttribute(TransformerFactory factory, String feature, Object value) {
+        try {
+            factory.setAttribute(feature, value);
+        } catch (Exception e) {
+            throw new RuntimeException(e);
+        }
+    }
 }

test/protocol-tests-core/src/main/java/software/amazon/awssdk/protocol/asserts/marshalling/XmlAsserts.java

@@ -25,7 +25,6 @@
 import javax.xml.parsers.ParserConfigurationException;
 import javax.xml.transform.OutputKeys;
 import javax.xml.transform.Transformer;
-import javax.xml.transform.TransformerConfigurationException;
 import javax.xml.transform.TransformerFactory;
 import javax.xml.transform.dom.DOMSource;
 import javax.xml.transform.stream.StreamResult;
@@ -42,7 +41,7 @@ private XmlAsserts() {
     }
 
     private static DocumentBuilder getDocumentBuilder() {
-        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
+        DocumentBuilderFactory dbf = newSecureDocumentBuilderFactory();
         try {
             return dbf.newDocumentBuilder();
         } catch (ParserConfigurationException e) {
@@ -74,7 +73,7 @@ private static String formatXml(String xmlDocumentString) throws Exception {
     }
 
     private static String formatXml(Document xmlDocument) throws Exception {
-        Transformer transformer = transformerFactory().newTransformer();
+        Transformer transformer = newSecureTransformerFactory().newTransformer();
         transformer.setOutputProperty(OutputKeys.INDENT, "yes");
         StreamResult result = new StreamResult(new StringWriter());
         DOMSource source = new DOMSource(xmlDocument);
@@ -84,12 +83,47 @@ private static String formatXml(Document xmlDocument) throws Exception {
         }
     }
 
-    private static TransformerFactory transformerFactory() throws TransformerConfigurationException {
-        TransformerFactory factory = TransformerFactory.newInstance();
-        factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
-        if (factory.getFeature(XMLConstants.ACCESS_EXTERNAL_DTD)) {
-            factory.setFeature(XMLConstants.ACCESS_EXTERNAL_DTD, false);
+    private static DocumentBuilderFactory newSecureDocumentBuilderFactory() {
+        DocumentBuilderFactory docFactory = DocumentBuilderFactory.newInstance();
+        docFactory.setXIncludeAware(false);
+        docFactory.setExpandEntityReferences(false);
+        trySetFeature(docFactory, XMLConstants.FEATURE_SECURE_PROCESSING, true);
+        trySetFeature(docFactory, "http://apache.org/xml/features/disallow-doctype-decl", true);
+        trySetFeature(docFactory, "http://xml.org/sax/features/external-general-entities", false);
+        trySetFeature(docFactory, "http://xml.org/sax/features/external-parameter-entities", false);
+        trySetAttribute(docFactory, "http://javax.xml.XMLConstants/property/accessExternalDTD", "");
+        trySetAttribute(docFactory, "http://javax.xml.XMLConstants/property/accessExternalSchema", "");
+        return docFactory;
+    }
+
+    private static TransformerFactory newSecureTransformerFactory() {
+        TransformerFactory transformerFactory = TransformerFactory.newInstance();
+        trySetAttribute(transformerFactory, XMLConstants.ACCESS_EXTERNAL_DTD, "");
+        trySetAttribute(transformerFactory, XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");
+        return transformerFactory;
+    }
+
+    private static void trySetFeature(DocumentBuilderFactory factory, String feature, boolean value) {
+        try {
+            factory.setFeature(feature, value);
+        } catch (Exception e) {
+            throw new RuntimeException(e);
+        }
+    }
+
+    private static void trySetAttribute(DocumentBuilderFactory factory, String feature, String value) {
+        try {
+            factory.setAttribute(feature, value);
+        } catch (Exception e) {
+            throw new RuntimeException(e);
+        }
+    }
+
+    private static void trySetAttribute(TransformerFactory factory, String feature, Object value) {
+        try {
+            factory.setAttribute(feature, value);
+        } catch (Exception e) {
+            throw new RuntimeException(e);
         }
-        return factory;
     }
 }

test/sdk-benchmarks/src/main/java/software/amazon/awssdk/benchmark/utils/BenchmarkUtils.java

@@ -70,7 +70,9 @@ public static SslProvider getSslProvider(String sslProviderValue) {
 
     public static void awaitCountdownLatchUninterruptibly(CountDownLatch countDownLatch, int timeout, TimeUnit unit) {
         try {
-            countDownLatch.await(timeout, unit);
+            if (!countDownLatch.await(timeout, unit)) {
+                throw new RuntimeException("Countdown latch did not successfully return within " + timeout + " " + unit);
+            }
         } catch (InterruptedException e) {
             // No need to re-interrupt.
             logger.error(() -> "InterruptedException thrown ", e);